CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader
A buffer overflow vulnerability exists in Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem.

Details

The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output, but it does not guarantee that the backing Ruby string has enough capacity before the memmove shifts the existing data. When the resulting buffer length exceeds the string's capacity, the shift writes past the allocation and corrupts memory.

Recommended action

Update the zlib gem to version 3.2.3 or later. To stay compatible with the version bundled in older Ruby series, you may update as follows instead:

For Ruby 3.2 users: update to zlib 3.0.1
For Ruby 3.3 users: update to zlib 3.1.2

You can run gem update zlib to update it. If you are using Bundler, add gem "zlib", ">= 3.2.3" to your Gemfile, or constrain to the fixed release for your series if you stay on a backport series.

Affected versions

zlib gem 3.2.2 or lower, other than the backport releases 3.0.1 and 3.1.2 listed above, which carry the fix for their series.

Credits

Thanks to calysteon for reporting this issue. Also thanks to nobu for creating the patch.

History

Originally published at 2026-03-05 09:00:00 (UTC)

Posted by hsbt on 5 Mar 2026

A buffer overflow in Zlib::GzipReader, part of the zlib gem that ships with Ruby, has been assigned CVE-2026-27820. Versions 3.2.2 and lower of the gem are affected, apart from the backport releases named below, and users should upgrade.
The flaw is in the zstream_buffer_ungets function, which prepends caller-provided bytes to output the stream has already produced. It shifts the existing data with memmove without first ensuring that the backing Ruby string has enough capacity for the combined length, so when the existing length plus the prepended length exceeds the capacity, the shift writes past the allocation. The advisory describes the outcome as memory corruption; whether it can be reached with attacker-controlled data depends on where the prepended bytes come from in a given application, which the advisory does not detail. Treat it as a memory-safety defect and patch.
The fix ships in zlib gem 3.2.3. For older Ruby series it is backported so that the gem stays compatible with the bundled version: Ruby 3.2 users should update to zlib 3.0.1 and Ruby 3.3 users to zlib 3.1.2. Run `gem update zlib` to update, and confirm the installed version afterwards with `gem list zlib`. With Bundler, add `gem "zlib", ">= 3.2.3"` to your Gemfile and run `bundle update zlib`.
The issue was reported by calysteon; nobu wrote the patch. Developers and administrators should update promptly: an unpatched gem leaves any application that uses Zlib::GzipReader exposed to memory corruption. Because the advisory distributes the fix as a gem update, check the installed gem version, not just the Ruby version.
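To make the defect class concrete, here is an added example written for this page; it is not Ruby's zstream code and not part of the advisory. It models an output buffer as a plain malloc'd block (a hypothetical `outbuf`, whereas the real code backs its buffer with a Ruby String) and places the unchecked prepend pattern the advisory describes beside a hardened version that grows the buffer before the memmove. All inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A minimal model of an output buffer. Illustrative only: this is not
 * Ruby's zstream, which backs its buffer with a Ruby String. */
typedef struct {
    char *data;  /* heap allocation of cap bytes */
    size_t len;  /* bytes currently held */
    size_t cap;  /* bytes allocated */
} outbuf;

static int outbuf_init(outbuf *b, size_t cap) {
    b->data = malloc(cap ? cap : 1);
    if (!b->data) return -1;
    b->len = 0;
    b->cap = cap;
    return 0;
}

static void outbuf_free(outbuf *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* The defect pattern: prepend n bytes by shifting the existing len bytes
 * right with memmove, then copying src to the front. Nothing checks that
 * len + n fits in cap, so when it does not, memmove writes len + n - cap
 * bytes past the end of the allocation. Only call this when
 * ungets_would_overflow() is false. */
static void ungets_unchecked(outbuf *b, const char *src, size_t n) {
    memmove(b->data + n, b->data, b->len);
    memcpy(b->data, src, n);
    b->len += n;
}

/* The check the defect omits, written as n > cap - len so the comparison
 * cannot wrap (len <= cap always holds for a well-formed buffer). */
static int ungets_would_overflow(const outbuf *b, size_t n) {
    return n > b->cap - b->len;
}

/* Hardened prepend: make room first, then shift. Returns 0 on success,
 * -1 on size wrap or allocation failure; the buffer is unchanged on -1. */
static int ungets_checked(outbuf *b, const char *src, size_t n) {
    if (n > SIZE_MAX - b->len) return -1;
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t newcap = b->cap ? b->cap : 1;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2) { newcap = need; break; }
            newcap *= 2;
        }
        char *p = realloc(b->data, newcap);
        if (!p) return -1;
        b->data = p;
        b->cap = newcap;
    }
    memmove(b->data + n, b->data, b->len);
    memcpy(b->data, src, n);
    b->len = need;
    return 0;
}

/* Worked scenario (constructed input): an 8-byte buffer holding "world",
 * then a 7-byte prepend of "hello, ". 5 + 7 = 12 > 8, so the unchecked
 * routine would write 4 bytes past the allocation; the checked routine
 * grows to 16 bytes and yields "hello, world". Returns 1 if the hardened
 * path behaves as expected, 0 if not, -1 on allocation failure. */
static int scenario_prepend(void) {
    outbuf b;
    if (outbuf_init(&b, 8) != 0) return -1;
    memcpy(b.data, "world", 5);
    b.len = 5;

    int overflow = ungets_would_overflow(&b, 7);   /* 1: the vulnerable case */
    if (ungets_checked(&b, "hello, ", 7) != 0) { outbuf_free(&b); return -1; }
    int ok = overflow
          && b.len == 12
          && b.cap == 16
          && memcmp(b.data, "hello, world", 12) == 0;

    /* Once there is room, the unchecked routine is safe too: 12 + 2 <= 16. */
    if (!ungets_would_overflow(&b, 2)) ungets_unchecked(&b, "> ", 2);
    ok = ok && b.len == 14 && memcmp(b.data, "> hello, world", 14) == 0;

    outbuf_free(&b);
    return ok;
}

int main(void) {
    printf("hardened prepend behaves as expected: %s\n",
           scenario_prepend() == 1 ? "yes" : "no");
    return 0;
}
```

The point of the pair is that the memmove is identical in both routines; the only difference is whether capacity is reconciled with the new length before the shift. Under a memory-error detector such as ASan, calling the unchecked routine with the 7-byte prepend on the 8-byte buffer reports a heap-buffer-overflow of exactly the 4 bytes computed above.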